binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bb-plane-fork/apps
History
sriram veeraghanta 587fe76032
fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833) 
Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 15:54:01 +05:30
..
admin chore: version bump 2026-03-31 17:09:35 +05:30
api fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833) 2026-04-06 15:54:01 +05:30
live chore: version bump 2026-03-31 17:09:35 +05:30
proxy Merge branch 'canary' of github.com:makeplane/plane into preview 2025-12-12 13:42:48 +05:30
space chore: version bump 2026-03-31 17:09:35 +05:30
web [WEB-6813] fix: module not associated when accepting intake work items (#8839) 2026-03-31 23:39:34 +05:30